There are several implementations of ByteBuffer.GetStringUTF8 depending on the compile flags. The one for #if ENABLE_SPAN_T && UNSAFE_BYTEBUFFER does not do a bounds check even when BYTEBUFFER_NO_BOUNDS_CHECK is not enabled. This can result in a read past the end of the buffer, which can end up disclosing additional memory and/or creating an access violation.

One fix would be to add AssertOffsetAndLength(startPos, len) into the body of the method. Other methods in this file should probably be audited to see if they have the same concern.